General
-
Target
2025-03-07_6dba99b9f01b60f4e29b3403f1e01149_babuk_destroyer
-
Size
79KB
-
Sample
250307-s5ga7asrt7
-
MD5
6dba99b9f01b60f4e29b3403f1e01149
-
SHA1
2c64b980313f358a8bcd1b74d42401e243203c4d
-
SHA256
57bc12da2b1887c8a88e0bd5e8ed6b0c90c12df3988b91f8da6d37dd4dc93f9e
-
SHA512
ae17da8cb928c796d2176a4f685a0e81d27a1ce5a669ead427895a190722ec8121f66e010aa2c29eca44c7dacd67ee1d1a79f63c05730ad6de674621a3b7574e
-
SSDEEP
1536:u7qvMih8xubbsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2nQQ:5vMiyubsrQLOJgY8Zp8LHD4XWaNH71dE
Static task
static1
Behavioral task
behavioral1
Sample
2025-03-07_6dba99b9f01b60f4e29b3403f1e01149_babuk_destroyer.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
2025-03-07_6dba99b9f01b60f4e29b3403f1e01149_babuk_destroyer.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
2025-03-07_6dba99b9f01b60f4e29b3403f1e01149_babuk_destroyer
-
Babuk family
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-